Proposed Legislation to Combat Identity Theft and Override Loving

We have written extensively on the separate but at times related issues of identity theft and refund fraud. Last week, for example, guest poster Rachael Rubenstein wrote an update on identity theft issues; the post generated spirited comments including one by Bob Kamman essentially suggesting that lots of the blame lies with Congress and the administrations for failing to step up and provide the means necessary for the IRS to step into the 21st century, unlike Bob’s example of  tax administration powerhouse Estonia. Senate Finance staffers gobbling up our posts and comments have sprung to action, with the Senate Finance Committee scheduling an open executive session tomorrow at 10 AM to mark up a bill designed to “prevent identity theft and refund fraud.”  (link to the session is here)

My ear is not to the DC ground but the bill has the bipartisan support of the Chair, Senator Hatch, and ranking Democrat Senator Wyden. A press release announcing the mark up is here; a description of the Chair’s mark up can be found here, and a summary can be found here.

Some of the key proposals in the legislation include requiring the IRS to reduce burdens on identity theft victims. The IRS would also be required to consider and report on measures it is taking to detect and combat identity theft and also study the possibility of allowing someone to file an affidavit blocking the e-filing of returns.

I have previously discussed how thieves take advantage of the IRS look-back compliance model and how earlier matching of information returns before issuing refunds is a crucial measure that can give the Service the means to stop the outflow of funds through identifying discrepancies. Importantly, the legislation includes a number of measures to give the IRS the power to move away from that model. For example, it would push up the filing of W-2, W-3 and 1099 MISC to 15 days after the due date for payee statements, as well as require the IRS to study the possibility of moving up deadline for other information returns. The bill also facilitates the means to get the IRS off its look-back model through requiring many small businesses to transition from paper W-2 and 1099 filing to e-filing and mandates that e-prepared returns that are paper filed have a scannable code allowing the IRS to process the return information more efficiently. Moreover, as the summary describes, the bill allows the IRS to access data in the National Directory of New Hires “for the sole purpose of identifying and preventing false or fraudulent tax return filings and claims for refund.”

There is more in here too, including an increase in penalties on preparers who improperly use taxpayer information and an override of Loving by giving Treasury authority regulate all aspects of tax practice, including paid tax return preparers. It also gives IRS the authority to revoke PTINs of preparers.

This legislation has the potential to be a game changer for tax administration. While the passage of the legislation is unlikely to be a walk in Lahemma perhaps the confluence of high profile cyber thefts and apparent bipartisan support will begin to tip the scales away from those who view the tax system as an open cookie jar.

 

 

 

 

 

Summer Updates: Identity Theft and Tax Administration

Today, we welcome back guest blogger, Rachael E. Rubenstein.  Rachael served as the principal author in the Identity Theft chapter in the recently published 6th Edition of Effectively Representing Your Client before the IRS.  So much has been happening in this area recently that we asked Rachael to bring us up to date and she has done so with a comprehensive post on this area over the past few months.  Rachael just moved from a teaching position at St. Mary’s Law School in San Antonio, Texas where she directed the low income taxpayer clinic to the firm of Strasburger & Price, LLP in the same city.  We appreciate her willingness to write extensively while in the midst of a practice move.  Keith

Tax-related identity theft was a hot topic this summer.  Since I last blogged about it in May, the NTA released her Fiscal Year 2016 Objectives Report to Congress, alerting us to an upswing in the number of open identity theft cases in IRS inventory; a written report was released containing details of the 2015 Security Summit held by Commissioner Koskinen; Senators Johnson, Warner, and Ayotte introduced the Social Security Identity Defense Act of 2015; and the Senate Budget Committee held a hearing, convened by Senator Ayotte, on Tax-Related Identity Theft and Fraudulent Returns.

read more...

My previous post optimistically noted that after almost a decade of annual increases, the volume of IRS identity theft incidents finally declined by roughly 42 percent in 2014 compared to its peak of 1,901,105 in 2013. Considering the attention and resources focused on this problem, the marked decline in 2014 showed promise.  Unfortunately, the NTA’s June report indicates that the number of open identity theft cases impacting taxpayers in IRS inventory (as of May 2015) swelled again to near May 2013 levels—up 69 percent from May 2014.

The NTA attributes the recent rise in open identity theft cases back to levels observed in 2013 to “the overreach of the TPP [Taxpayer Protection Program] filters and understaffing of the TPP phone lines.” The TPP is responsible for detection, evaluation, and prevention of improper refunds related to identity theft. During the 2015 filing season, TPP return processing filters identified 1,558,874 potentially fraudulent returns using 196 distinct filters that flag returns when certain characteristics are identified. The false positive rate was around 34 percent, meaning that a third of electronically filed tax returns that TPP stopped from posting to a particular account were filed by legitimate taxpayers who expected timely receipt of their tax refunds. These taxpayers received a TPP notice instructing them to call a particular phone number to resolve the issue; however, most that called during the peak of tax season in February were unable to get through at all to a live phone assistor. For those that did get through, there average wait time was between 20 minutes to over an hour.

Immediately after the May 2015 data breach scandal (which turned out to affect around 250,000 more taxpayers than initially reported), we learned that earlier in the Spring, Commissioner Koskinen convened key officials from state taxing authorities and the private tax industry together for a Security Summit to discuss the significant challenges facing tax administration as a result of tax-related identity theft, and potential coordinated strategies. It was widely reported that an agreement was reached among the participants “to form a public-private partnership committed to protecting the nation’s taxpayers and the tax system from IDT [identity theft] refund fraud.” In June, a 9 page report was released detailing the goals of each of the working groups formed from the Security Summit, outlining recommendations, listing existing proposals for congressional consideration, discussing next steps, and describing the participants. This partnership is certainly an innovative approach, and it will be interesting to see how this collaboration plays out.

The Social Security Identity Defense Act was introduced in May and is aimed at amending section 6103 to make it easier for victims of identity theft and law enforcement officials to receive information pertaining to tax-related incidents of identity theft from the FBI and DOJ. Although it is unlikely to be enacted, this bill has reignited discussion regarding the intersection of identity theft and section 6103 disclosure issues. For example—to what extent is the victim taxpayer entitled to information from the Service regarding the incident? Presently, under PMTA 2012-005, Chief Counsel takes the position that once an invalid return is submitted, it becomes the return information of both the true owner of the SSN and the identity thief because the information relates to the potential investigation of liability with respect to both parties. Therefore, the victim of identity theft should have a right to a copy of the bad tax return as long as disclosure would not impair federal tax administration.

In confirmed or suspected cases of identity theft, a taxpayer’s account is marked with various types of identity theft indictors. When such an indicator is present, taxpayers and their representatives may find it difficult to obtain copies of tax returns or related tax transcripts from the Service because employees are trained to safeguard taxpayer information protected by section 6103. Disclosure violations carry the threat of civil fines and even potential criminal charges. Despite Chief Counsel guidance indicting that the bad return is the return information of both the victim and the alleged identity thief, the IRM “instructs employees to not  to provide . . . copies of tax returns when identity theft indicators are present on the requestor’s account.” In May of 2015, Senator Ayotte wrote a letter to Commissioner Koskinen expressing her concern “with IRS’s refusal to provide tax identity theft victims with copies of the fraudulent returns filed in their names.” She referenced the 2012 Chief Counsel memorandum to support her complaint and request for the Service to change its non-disclosure practices. Commissioner Koskinen acquiescence in a written response issued later the same month and stated that the Service would develop procedures to allow victims of identity theft to request and receive (redacted) copies of tax returns filed under their SSNs.

The hearing held in August covered familiar and fairly bleak territory as well as some encouraging announcements about major programmatic changes regarding identity theft cases processing. A taxpayer testified about the bureaucratic nightmare she endured dealing with IRS and other agencies when her e-filed return was rejected because her deceased child’s SSN was used to file multiple fraudulent returns (it is worth noting that none of the fraudulent filings actually got passed IRS filters). Christopher Lee, TAS Senior Attorney Advisor; J. Russel George, TIGTA; and Commissioner Koskinen testified about the general state of refund-related identity theft—the broad consensus was that despite its many gains in terms of detection and prevention of refund-related identity theft, the Service still has a long way to go in order to get ahead of the overall identity theft crisis.

In addition to the jump in the number of incidents during the 2015 filing season, and the TPP false positive rate, lengthy delays in case processing and poor customer service are stubborn problems (although the situation is certainly not as bad as it once was in the early part of the decade). A study conducted by TAS of cases closed in 2014 found that 179 days was the average resolution time for an identity theft case from a taxpayer’s perspective. The Service’s slow progress towards improvement of case processing times is partly attributable to the increasing complexity of identity theft cases. Such cases require the involvement of multiple functions under the Service’s decentralized case management structure, which has been in operation for several years. The same 2014 TAS study found that approximately 30 percent of cases involve multiple issues.

TAS has repeatedly called for the Service to set-up “a sole point of contact system” for victims with complex identity theft cases. While the Service has announced its final phase of a plan to re-engineer its approach to victim assistance, moving towards a more centralized model, the prospects for adoption of this particular TAS recommendation appear dim. Commissioner Koskinen’s version of a “single point of contact” described during the hearing involves yet another specialized toll free phone line, as opposed to the TAS model of one designated employee to handle a particular victim’s case.

The Commissioner’s testimony reminded stakeholders that sophisticated cyber criminals present momentous challenges to the Service in an era of archaic IRS technological systems and strained financial resources. Still, he pledged that the Service is continuing to work diligently on efforts to combat identity theft, and he announced some specific plans for 2015-2016. One is the roll out of the Identity Theft Assistance organization, a consolidation of various identity theft programs into one division aimed at unifying the Service’s victim assistance and identity theft compliance activities. Another is an improved case resolution average of 120 days. Further, new protections for electronic filing, developed by the Security Summit working groups, were promised before the 2016 filing season.

The Service requested additional money for improved cyber security and revamped identity theft initiatives, which is reflected in the President’s FY 2016 Budget pending before congress. All tax administrators who testified at the hearing agree that the IRS needs more funding to address the identity theft epidemic. They also share the view that congress should take a more active role in enacting various legislative tools to assist the IRS in combating this pervasive problem.

 

 

Summary Opinions for the second half of May

Here is part two of the items from May we didn’t otherwise cover.  We’ll have the June items shortly, and then July.  Hopefully, I’ll get back on track for weekly summaries in the near future.

  • The Sixth Circuit in Ednacot v. Mesa Medical Group, PLLC affirmed the lower court tossing a physician assistant’s claim that an employer wrongfully withheld employment taxes.  The Court determined this was tantamount to a refund suit, which required the taxpayer to first file an administrative claim for refund with the IRS prior to bringing suit.  There seems to be a lengthy past between the parties in this case.  The petitioner brought up a valid seeming point that she did not know if the withholdings were paid to the IRS, and therefore wasn’t sure if the refund was appropriate, but the Court held that Section 7422 was designed to funnel these issues through the administrative process.
  • Couple interesting privilege cases recently, including the Pacific Management Group decision blogged by Joni Larson for us.  In a case that may have a somewhat chilling effect on making reasonable cause claims, the Tax Court has held that claiming reasonable cause to the substantial valuation misstatement penalty waived attorney client privilege and the work product doctrine for certain communications between the taxpayer and its lawyer and accountant.  See Eaton Corp. and Sub. v. Comm’r.  This holding was the affirming of a motion for reconsideration.  The Court found that although there was an objective determination under Section 6662(e)(3), whether relying on the advice on Section 482 was based on the facts and circumstances, including the advice of the lawyer.  By claiming reasonable cause, the privileges were waived for that issue.
  • Taxpayer was successful arguing against the substantial understatement penalty in Johnston v. Comm’r, but it was because the taxpayer didn’t actually owe the tax.  The IRS had argued that a debt between the taxpayer (an executive of a telcom company) and his company was discharged by his employer when he moved to a related entity.  There was credible evidence that it was not discharged and payment continued.  There was the pesky issue that the loan wasn’t paid until the IRS audited the individual, but the Court found that the audit prompted the company to do something with the loan and it hadn’t been tax avoidance…must have been persuasive testimony.
  • LAFA issued guidance on the effect on the limitations period on assessment for payroll tax when the wrong form is filed. (LAFA 20152101F).  Employers are generally required to file quarterly returns on Form 941 for employment taxes when they are paid in that period.  A different form, Form 944 is used for certain employers with little  employment tax liability, and that is required annually.  The statute generally runs from the date of the deemed filing of employment tax returns, which is April 15 the following year.  See Section 6501(a)&(b).  The LAFA reviews the following three situations:
  1. Employer is required to file Form 944, but instead timely files four quarterly Forms 941.

  2. Employer is required to file Form 944, but timely files Form 941 for the first and second quarters of the year instead, and files nothing for the third or fourth quarters of the year.

  3. Employer is required to file quarterly Forms 941, but timely files annual Form 944 instead.

 

The quick conclusions were:

  1.  Assuming the Forms 941 purport to be returns, are an honest and reasonable attempt to satisfy the filing requirements, are signed under penalty of perjury, and can be used to determine Employer’s annual FICA and income tax withholding tax liability, the Forms 941 meet the Beard formulation and should be treated as valid returns for purposes of starting the period of limitations on assessment.

  2.  An argument can be made that the Forms 941 for the first and second quarters of the tax year constitute valid returns under the Beard formulation since they purport to be returns and are signed under penalty of perjury. However, given that Employer’s FICA and income tax withholding tax liability for the third and fourth quarters will not necessarily be equal to that reported for the first two quarters, the Forms 941 arguably are not sufficient for purposes of the determining Employer’s annual FICA and income tax withholding tax liability and may not be honest and reasonable attempts to satisfy the tax law.

  3.  Assuming the Form 944 purports to be a return, is an honest and reasonable attempt to satisfy the filing requirements, can be used to determine Employer’s annual FICA and income tax withholding tax liability, and is signed under penalty of perjury, Employer’s Form 944 meets the Beard formulation and should be treated as a valid return for purposes of the period of limitations on assessment.

  • A taxpayer in a chapter 11 case, Francisco Rodriquez (not the current Brewers closer who pitched for the Mets before choking out his relative in the clubhouse) was successful in avoiding a lien under 11 USC 506 on property held by the taxpayer that was already underwater with three prior liens.  In re Rodriguez, 115 AFTR2d 2015-1750 (Bktcy D MD 2015).  Section 506 allows liens to be stripped if the property lacks equity, which was what the taxpayer was attempting.  SCOTUS in Dewsnup v. Timm held that  a chapter 7 debtor cannot “strip down” an allowed secured claim (clearly, I was not the debtor, otherwise SCOTUS would have tossed on some Its Raining Men, and granted my right to strip down—I only did it to pay for college, I swear—and yet, still so many student loans).  Various other cases have held that Dewnsup does not extend to other chapters in bankruptcy, and the District Court held that lien stripping was appropriate in chapter 11 under the taxpayer’s circumstances.
  • The Tenth Circuit continues its clear prejudice and hatred towards Canadians (I completely made that up and that link is NSFW) in Mabbett v. Comm’r, where it found the Tax Court properly tossed a petition as being untimely that was filed by a resident of the US, who was a Canadian citizen.  The Court found the Service had properly sent the stat notice to the taxpayer at her last known address (and even if that was not the case, her representative had forwarded her a copy well before the due date of the petition).  The taxpayer also claimed that she was entitled to the 150 day period to file her petition to the court under Section 6213(a) because she was a Canadian citizen.  The Court stated, however, that the statute was clear that the 150 day rule only applies when “the notice is addressed to a person outside the United States.”  The taxpayer had been traveling, and was Canadian, but failed to show she was outside of the United States at the time the notice was sent.
  • In case you haven’t seen, the Service has started a cybercrimes unit to combat stolen ID tax fraud.  In my mind, this is sort of like the IRS and Tron having a lovechild, which I would assume to look like this.  Jack Townsend has real coverage on his Federal Tax Crimes Blog.
  • Jack also has coverage of the new IRS FBAR penalty guidance, which can be found here

 

Reflections on the General State of Tax-related Identity Theft

We have previously discussed the challenges of identity theft in Procedurally Taxing, most recently in a guest post from former prosecutor Justine Gelfand. Today we return to the issue and welcome back guest blogger, Rachael Rubenstein, who is a Senior Tax Fellow at St. Mary’s School of LawRachael served as the principal author of the Identity Theft chapter in the 6th Edition of Effectively Representing Your Client before the IRS.”  Because of all of the changes in this area since the time of publishing the 5th Edition, she essentially had to write the chapter from scratch. She reflects here on recent issues concerning identity theft.  Her closing paragraph comparing the amount the IRS spends on data security compared to a large bank should give us all pause.  Keith

Recent news of a large scale data breach involving the IRS website here  here and here, and the announcement that the IRS plans to establish formal guidelines to allow victims of refund-related identity theft to gain access to copies of the fraudulently filed returns here, has refocused attention to the widespread issue of tax-related identity theft. As have reports during the filing season of suspicious tax return filings through TurboTax Software, which launched an ongoing FBI investigation here and  here. Coverage of this issue has inspired increased frustration and anger towards the IRS, an agency we all know is suffering from some serious PR problems. Last month my dad contacted me panicked because he learned a fraudulent tax return was filed under his Social Security Number (SSN). I told him what I tell many of my clients, “It will be ok. The problem will be fixed as long as you file the correct paperwork. The IRS has a lot of experience with this type of activity, although it will take several months to correct.”  Luckily my parents, unlike most clients, were not waiting on a large tax refund to supplement their income for the year. Still, the psychological and financial effects of this type of victimization are felt regardless of one’s tax bracket.

read more...

In terms of tax administration, identity theft is a relatively new phenomenon—emerging in the early 2000s along with the rise in e-filing. There are two types of tax-related identity theft: refund-related and employment-related. The latter occurs when an individual uses the SSN of another in order to gain employment, which often causes IRS problems because of the wages earned and reported by employers under the wrong SSN.  Most attention and resources are focused on refund-related, which involves the use of stolen personal data to obtain improper refunds causing economic damage to individual taxpayers and the treasury. IRS figures estimate the cost of undetected refund-related identity theft at approximately $5 billion a year. Until tax year 2013, the numbers of taxpayers affected by (broadly defined) tax-related identity theft each year rose at an alarming rate. According to a 2013 TIGTA report here in calendar year 2010, there were roughly 440,581 IRS identity theft incidents compared to 1,901,105 in 2013.

From 2004 to 2013, the NTA identified tax-related identity theft as one of the “‘Most Serious Problems” faced by taxpayers in nearly every annual report submitted to Congress here. In addition to the various audits TIGTA conducts each year on the Service’s information security programs, TIGTA has aggressively audited IRS handling of identity theft and its ongoing efforts to stop it before a taxpayer is victimized. At the beginning of the decade refund-related identity theft overwhelmed the IRS. Victim taxpayers generally waited over a year to receive their refunds and, often, had to submit numerous copies of the same evidence to IRS in order to resolve their cases. A review of TIGTA and TAS reports shows that the peak of lost revenue and the length of case processing for victims occurred in 2010 through 2012. The volume of actual incidents (both employment and refund-related) was the highest in 2013 and, finally, declined by roughly 42% by the end of 2014 here. Since 2012, the IRS has made combating identity theft a top priority and steady progress has been made on both prevention and victim services. The IRS used a variety of methods to attack the problem, including: novel technology detection and prevention models,  increased criminal investigations/prosecutions, increased cooperation with the private sector, redevelopment of case processing procedures, expansion of programs to assist victims, and added personnel dedicated to handling identity theft cases. In April 2015, the most recent TIGTA audit on refund-related identity theft here reported $22–24 billion of fraudulent tax refunds were prevented during the 2013 filing season. Still, around $5.75 billion was lost as a result of this crime during the same period. These figures are based on IRS estimates, which generally capture higher figures than TIGTA audits. Most practitioners who regularly work these cases will tell you that processing times have improved (down to a not so impressive average of 6–8 months), and IRS employees are better equipped to handle identity theft claims. The darkest days of tax-related may have already passed, although vulnerabilities in IRS information technology programs could certainly turn the tide.

May’s data breach represented a shift in sophistication by identity thieves. Instead of using personal data stolen from external sources to steal refund money by e-filing fraudulent tax returns, hackers used a hybrid theft model. First, previously stolen information such as names, dates of birth, and addresses, were used to access the “Get a Transcript” feature on the IRS website. This tool was launched in January of 2014 to streamline taxpayer requests for prior year tax transcripts—reducing IRS call volume and providing instant data to the requestor. By accessing these transcripts, cyber-attackers obtained specific details about their victims filing histories. Such information was used (or planned to be used) to circumvent the Service’s return processing identity theft detection filters. It’s worth noting that the IRS has approximately 144 such filters. In his June 2nd testimony before the Senate Finance Committee on this incident here, Commissioner Koskinen stated the Service’s cyber security team detected suspicious activity on the “Get a Transcript” application in mid-May and shut down the feature on May 21st. IRS investigation revealed that roughly 100,000 taxpayer accounts were affected, resulting in around 13,000 suspect tax returns filed. About $39 million in fraudulent refunds were paid out. Another 23,500 returns from these compromised accounts were stopped by IRS fraud filters.

Shifting blame to the IRS for this cyber attack is easy. Much of the agency’s information technology systems are antiquated and known vulnerabilities continue to exist (detailed in TIGTA’s June 2nd written testimony here). Any time there is a high profile problem identified in tax administration, we hear a familiar parade of horribles launched at the agency. This massive disclosure violation merits a more thoughtful response. Indeed, last week IRS announced a formal agreement to work collaboratively with state tax administrators and leaders of the private electronic tax industry. Details of the agreement were developed after Koskinen convened a Security Summit with IRS representatives and these external stakeholders on March 19th, and include new initiatives in the areas of taxpayer authentication; fraud identification; information sharing/assessment; cybersecurity framework; and taxpayer awareness and communication here. These coordinated efforts sound promising but there is a missing player in this partnership to fight back against tax-related identity theft.

Since 2011, at least a dozen congressional hearings on this topic were held, yet no meaningful legislation has emerged to combat tax-related identity theft. The well-treaded path of investigation, condemnation, cost cutting, and added responsibilities will not suffice—legislative solutions are needed. Koskinen mentioned several in the June 2nd hearing: approval of the President’s FY 2016 Budget request (“with $101 million specifically devoted to identity theft and refund fraud, plus $188 million for critical information technology infrastructure”); passage of legislation to “accelerate information return filing deadlines” for improved detection of fraudulent filings during tax season; and criminal and civil penalty deterrence statutes. On June 4th, Senate Finance Committee Chairman, Orrin Hatch, and Ranking Member, Ron Wyden, released a statement outlining the Committee’s work on this issue here. Legislation introduced by Senator Marco Rubio in March of 2015 here aimed at curtailing tax-related identity theft may also merit consideration. Lawmakers should act to implement legislation and better safeguard the public fisc from this pervasive crime.

*In 2014, JP Morgan Chase spent $250 million on cyber security and still experienced a large scale data breach here. In comparison, the IRS spent around $141.5 million on cyber security in the same year here.

Most Recent IRS International Hacking Reveals Vulnerability

As I discussed in yesterday’s post on proposals to expand the EITC, identity theft is a growing problem for IRS and the economy overall. In today’s guest post we hear from Justin Gelfand.  

Justin is a former federal prosecutor who is currently in private practice at the Capes Sokol Goodman and Sarachan law firm in in St. Louis, Missouri.  In 2013, Gelfand received the Attorney General’s Award for Fraud Prevention for his work on stolen identity tax refund fraud.  Justin has both prosecuted and defended criminal tax cases in districts throughout the United States. I heard Justin’s thoughtful presentation on the topic of identity theft at the recent ABA Tax Section meeting and asked him if he would share his views with our readers. Justin intends to discuss this growing problem and his ideas regarding solutions in greater detail in future posts. Les

According to national reports, hackers allegedly stole the personal data of approximately 100,000 taxpayers from the IRS’s computer system.  The most recent investigative report from CNN reveals the IRS believes the cyber-attack has links to Russia.  In the coming days, weeks and months, federal law enforcement will no doubt do everything it can to detect who is behind this alleged cybercrime and, if possible, to bring charges against those allegedly responsible.

As the IRS continues to combat stolen identity tax refund fraud, an epidemic that costs the Government more than $5 billion per year, the significance of this cyber-attack cannot be overstated: it is game-changing.  At a minimum, if the latest news coverage is accurate, it is crystal clear that international hackers successfully infiltrated the IRS’s computer system to steal legally-protected and extremely sensitive taxpayer information.  This information must inevitably threaten the IRS’s filters in place to detect fraudulent tax returns filed in the names of stolen identities.  After all, if the IRS is looking at a taxpayer’s prior tax returns, the hackers now have that information.

read more...

The IRS’s response: “We’re confident that these are not amateurs,” IRS Commissioner John Koskinen said.  “These actually are organized crime syndicates that not only we but everybody in the financial industry are dealing with.”

The IRS’s response is fair in some respects – cybercriminals have perpetrated attacks against large retail stores and small businesses.  But the difference between the IRS’s identity theft epidemic and the private sector is that no other private company or government agency continues to lose more than $5 billion year after year to the same crime.  That the IRS’s data security systems did not shield the agency – and taxpayers – from an international hack of this caliber is as frightening as it is reflective of the fact that the agency’s systems are simply vulnerable.  What Commissioner Koskinen should understand is that if a large bank were losing billions of dollars year after year to the same brand of fraud, the bank would do something about it to stop the bleeding.

Perhaps more than anything else, this cyber-attack reveals that stolen identity tax refund fraud is not a problem the Government can prosecute its way out of.  Resources are limited and the IRS should spend every last dime on making it harder to steal money from the Treasury by improving filters, enhancing its data security systems, and protecting taxpayers from becoming victims of identity theft – not on seeking long prison sentences for the less sophisticated identity thieves the Government can actually catch.  If resources are the issue, the IRS should ask Congress to reallocate funding to cyber-infrastructure improvements and retain a company like Google to help.

Ultimately, this may be an embarrassment to the IRS – but perhaps it can also be the beginning of improved technology, improved policies and procedures, and improved perspectives on how to combat the identity theft tax fraud epidemic.

Editor Update: TIGTA released a report today called Efforts Are Resulting in the Improved Identification of Fraudulent Tax Returns Involving Identity Theft. It discusses IRS efforts to combat identity theft.

From its press release:

TIGTA recommended that the IRS continue to evaluate clustering filters to ensure that they properly identify tax returns with multiple uses of addresses and/or bank accounts; expand identity theft filters to address filing patterns that may indicate that a tax return is related to identity theft; and outline specific actions and time frames for implementation of a process to deactivate ITINs assigned prior to Jan. 1, 2013, including ITINs assigned to individuals who are now deceased.

 

Warren Buffet Calls for Expanding EITC: Tax Administration Impact Highlights There is No Free Lunch

This post originally appeared in the Forbes PT site on May 26, 2015.

One of the hot button political issues of the day is income inequality. The stagnation of low-income workers’ wages has focused attention on policies to offset that, such as possibly raising the minimum wage or boosting tax benefits. Last week, Warren Buffet in an Op-Ed piece in the Wall Street Journal chimed in, first situating inequality in today’s economy:

That mismatch is neither the fault of the market system nor the fault of the disadvantaged individuals. It is simply a consequence of an economic engine that constantly requires more high-order talents while reducing the need for commodity-like tasks.

He then offers his views that a better approach to inequality is to increase the EITC rather than boost the minimum wage:

The better answer is a major and carefully crafted expansion of the Earned Income Tax Credit (EITC), which currently goes to millions of low-income workers. Payments to eligible workers diminish as their earnings increase. But there is no disincentive effect: A gain in wages always produces a gain in overall income. The process is simple: You file a tax return, and the government sends you a check.

In essence, the EITC rewards work and provides an incentive for workers to improve their skills. Equally important, it does not distort market forces, thereby maximizing employment.

As this is not a macroeconomics policy blog, I leave it to others to discuss the causes costs and possible solutions to the inequality Mr. Buffet speaks of.

This is, however, a tax procedure and administration blog, and much of what Mr. Buffet says, as well as some of the response it has drawn, sweeps in issues of tax administration. I will discuss some of those issues in this post, including overclaims, identity theft and program participation.

read more...

Error, Fraud and Identity Theft

First, in couching support for expanding EITC, Mr. Buffet does note some issues with EITC, most of which relate to the IRS’s administering the program.

He discusses how “[f]raud is a big problem; penalties for it should be stiffened.”

While there is no doubt that EITC suffers from a considerable overclaim rate (I discussed recent data on EITC overclaims in IRS Issues New Report on EITC Overclaims) the statement may lead some to believe that the overclaims are all attributable to fraud; GAO and others looking at the EITC overclaim issue identify multiple sources of noncompliance; only one is fraud. Moreover, as my fellow Forbes contributors Kelly Erb and Janet Novack note there are already in place some of the most draconian penalties on the books for fraudster EITC claimants, including a 10-year ban on fraudulent claims, a penalty I have discussed in the past year in The Ban on Claiming the EITC: A Problematic Penalty. EITC fraud penalties will do little to address the underlying compliance issues.

As a practical matter, it is hard to push for expanding the EITC when IRS has a hard time relative to other transfer programs in stopping erroneous claims. For example, my Forbes colleague Janet Novack states,

Its already substantial size–as much as $6,242 for parents with three or more qualifying children and $5,548 for those with two kids–combined with pressure for the Internal Revenue Service to administer the credit on the cheap, has set off a tsunami of identity theft tax fraud that has swamped both the IRS and some of the very workers the EITC is supposed to help.

Janet (looking to Keith’s Senate testimony from this spring) suggests that Congress should get the IRS tax administration house in order through adequately funding IRS, regulating preparers and accelerating the reporting of information returns to give the IRS a fighting chance to administer the program.

Many articles focus on EITC error costs without considering the program’s reduced direct administrative costs; Janet’s post also sensibly compares the differences across programs, noting that IRS spends only about 1% to administer the EITC. I offer some more on this issue. EITC given lack of upfront eligibility administrative mechanisms is much cheaper to administer than other transfer programs such as TANF and SNAP (food stamps). Congressional testimony this year from the NTA (at page 26) lays this out nicely.

I couId not agree more that if Congress asks IRS to do more in terms of delivering benefits through expanding the EITC it needs to give the agency the tools to do the job right. A major part of the allure of having IRS in the mix is the low administrative costs Yet that figure is misleading, as Janet notes (also referring to Keith), we are just pushing costs on other parties, including the claimants who struggle in the audit process and all of us as IRS is pressured to audit EITC claimants at perhaps a far higher rate than it should given that most of the individual tax gap stems from the underreporting of income among self-employed taxpayers.

How does identity theft fit in with this? As to identity theft, it is a huge problem for the tax system. Yet, identity theft is a problem that is quite different from the EITC compliance problem. Only a small amount of EITC overclaims is due to identity theft; the overwhelming majority of EITC error is due to the misclaiming of qualifying children who do not reside with the claimant.

[Update: Since posting this story yesterday IRS revealed that it was subject to a major breach that allowed data thieves access to tax return information of over 100,000 people. The breach led to IRS sending over  $50 million in fraudulent refunds before it detected the problem. The news highlights the challenges that identity theft presents to the tax system (and our economy overall).]

We are going to run posts discussing identity theft in greater detail, but for now I note that the identity theft problem is mainly due to IRS issuing refunds before it has access to third party documentation that would allow it to prevent issuing refunds to the wrong person. From the 2015 GAO report Additional Actions Could Help the IRS Combat the Large Evolving Threat of Refund Fraud:

[Fraudulent Identity Theft] refund fraud takes advantage of IRS’s “look-back” compliance model. Under this model, rather than holding refunds until completing all compliance checks, IRS issues refunds after conducting selected reviews. While there are no simple solutions, one option is earlier matching of employer-reported wage information to taxpayers’ returns before issuing refunds. IRS currently cannot do such matching because employers’ wage data (from Form W-2s) are not available until months after IRS issues most refunds. Consequently, IRS begins matching employer-reported W-2 data to tax returns in July, following the tax season. If IRS had access to W-2 data earlier—through accelerated W-2 deadlines and increased electronic filing of W-2s—it could conduct pre-refund matching and identify discrepancies to prevent the issuance of billions in fraudulent refunds.

EITC errors mainly relate to the misclaiming of qualifying children, and in particular their residence. To claim an EITC with children, claimants need not only the taxpayer’s SS# but also the children’s numbers. That makes most EITC claims more difficult for identity fraudsters. Moreover, IRS filters addressing possible EITC errors add another layer of defenses making it less likely for identity fraudsters to get their illicit refunds.

There are administrative and legislative tools available to combat identity theft, including changing the time which IRS issues refunds or accelerating the filing of third party data. No doubt that the possibility of credit driven refunds attracts identity fraudsters to our tax system, but dummying up tax returns with phony withholding amounts that take advantage of the IRS’s lack of early access to information returns is the main tool of the identity theft fraudster.

Whether Congress expands EITC or not, the identity theft problem will persist and get worse, unless Congress and IRS take actions to reverse its look back compliance model.

Participation and Filing

In Buffet’s piece in the WSJ, he also discusses how “[t]here should be widespread publicity that workers can receive free and convenient filing help.”

The statement brings attention to one challenging aspect of housing a benefits’ program in the tax system. Benefits’ programs in other areas tend to have an application process that revolves on a greater ex ante review process through the form of case workers and government bureaucrats reviewing eligibility before doling out benefits. The tax system essentially has assumed (with safeguards like document matching and the threat of audit) that taxpayers on their own or increasingly through assistance like software or commercial preparers are accurately preparing their eligibility statements in the form of tax returns.

The tax system’s approach has substantial costs, one of which is that claimants often have to pay third parties to get their claims (tax returns) in; the market has stepped in in the form of software and commercial preparers, both of which are major players in the tax administration landscape. The issue of return prep costs warrants a separate post but suffice to say claimants often pay dearly to get access to their refunds. For example, the National Consumer Law Center earlier this year released its annual study on preparation and related costs. It looks at EITC and goes through the various charges in addition to return preparation charges. As to the specific charges for return preparation (separate from ancillary fees, like fees for quicker access to cash from the refund, which in the last filing season to over $424 million) the report notes that mystery shopper testing has documented preparation fees up to $400 or $500 per return. The GAO in an April 2014 study found that the fees charged for tax preparation varied widely, even between offices affiliated with the same chain.

Despite the costs, there is, however, access to free income tax return filing. IRS through its Free File program makes free filing available to taxpayers with incomes below $60,000, but the take up on that has not been stellar and some have criticized its approach of opening up claimants to other fees. Likewise, VITA prep centers are available to help claimants prepare returns for free. All else being equal it would be better if more claimants could access their refunds without having to pay for the privilege of getting their benefits.

Despite many paying prep fees and other costs one of the aspects of the EITC thought of as a positive is its high take up rate. Yet some of the criticism of Mr. Buffet’s plan also focuses on that there is only an about 80% participation rate, As my Forbes colleague Kelly Erb notes, “[t]he IRS estimates that only four of five eligible taxpayers take advantage of the existing credit: nearly 20% eligible taxpayers either don’t know about it or simply don’t take advantage.”

Yet, in looking at other transfer programs, 80% participation is not bad at all and is roughly consistent with SNAP (food stamps) and much higher than TANF, which is well below 50%. But when you look at the EITC numbers more closely, the 80% figures are misleading because the participation rates are very sensitive to the amount potentially on the table for EITC claimants, i.e., the take up rates are much higher when taking into account the dollar amount of EITC eligible. For example, in a study published in the IRS 2009 research conference looking at 2005 tax year data, EITC participation rate was 88% when refunds were over $3,000 and about 90% when refunds approached $4,000 (see page 1982).

In other words, for the people whom Congress intends to benefit the most, the EITC participation rates are higher than just about any other transfer program.

One other point weaves in the themes of identity theft and participation. In Janet Novack’s post she discusses Forbes contributor Laura Shin’s reporting about a low-wage McDonald’s worker who decided against filing a tax return claiming thousands in EITC due to her being an identity theft victim. This suggests that prior victimization will chill people from claiming an EITC. IRS actually has in place procedures to facilitate victims to file current year returns, including getting a secure Identity Protection PIN. I am not aware of research suggesting that identity theft is a major barrier for eligible claimants from participating in claiming EITC, but no doubt that prior victimization may contribute to eligible claimants being wary about spending money and time on return preparation costs.

Some Parting Thoughts

As Mr. Buffet knows, there is no such thing as a free lunch. Using the tax system to deliver benefits is no silver bullet when it comes to addressing inequality. To administer the tax system as we know it today is no easy task. When Congress asks the IRS to do more, there are costs to taxpayers and the system overall. As Congress considers whether to ratchet up EITC, it should do so with the absence of rhetoric. It should also consider the tools it wants to give IRS to combat errors as well as address what costs it wants to impose on claimants and third parties. The current system passes costs on others, many of which are hidden. As with lunch, someone has to pick up the tab.

 

 

 

 

 

 

From Lindbergh to Nixon to Stegman – Fixing Information Flow in Identity Theft Cases

 

Recently, the United States District Court for the District of Kansas in the case of Kathleen Stegman ruled that the IRS could keep from the taxpayer the return filed by someone using her identifying information.  The sad part here is that the administrative decision to withhold the returns from her and the Court’s decision sustaining the IRS refusal to turn over the information seems to correctly reflect the law as it stands.  The law should change and taxpayers should have the ability to access documents using their identifying information.

ID theft over the last decade has far outstripped other consumer issues as our biggest problem.  It creates issues outside the tax world but also creates major problems for taxpayers and the IRS as identity thieves use stolen information to file returns and obtain refunds.  When the IRS realizes that the refund it issued may have been inappropriate, it contacts the taxpayer with an audit notice.  Sometimes, because of the address the IRS has on the return, the taxpayer does not receive notice of the problem until it has entered the collection process.  At whatever point in the process the actual taxpayer, as opposed to the now long departed thief, hears from the IRS, the taxpayer has no knowledge of what happened yet must try to defend him or herself from an assessment of taxes.

read more...

What Gives Rise to the Problem: Nixon and Section 6103

In an effort to defend themselves, taxpayers request from the IRS the return filed, giving rise to the problem and the nightmare begins. If the taxpayer mentions to the IRS that they did not file the offending return and they are the victim of identity theft, the IRS refuses to provide them with a copy of the return taking the position that the disclosure laws prohibit the release of the information to the taxpayer since the taxpayer did not file the return.  The IRS position on turning over a copy of the return, based upon section 6103 and upheld in this recent decision, places the taxpayer in a Catch 22 situation.  The IRS does not back away from pursuing the assessment or collection of the tax from the true taxpayer because the taxpayer has invoked ID theft.  It just refuses to let the person know the basis for the action the person must defend.  Whether your mind wanders to the writings of Joseph Heller or Franz Kafka, the taxpayer sits in a bad spot having already suffered at the hands of the ID thief and now posed to suffer more.

How did we get here? Because it’s always nice to place blame on someone, we can place blame here on Richard Nixon.  President Nixon decided to go after his political enemies by having the IRS do the work.  He attempted to politicize the IRS and then Commissioner Donald Alexander became a hero by standing up to him.  Congress, where many of President Nixon’s enemies worked, did not take kindly to the President’s use of the IRS to attack his enemies and so Congress engaged in an extensive reform of the disclosure laws in order to prohibit such a thing from happening again.  I wrote about the history of the disclosure laws in an article designed to seek reform in the way we disclose the private collection of taxes if you have an interest in the history leading up to the changes in section 6103.  Famous aviator Charles Lindbergh gets mentioned in the title to this post because the kidnapping of his baby touched off a debate in the 1930s about the privacy of return information leading to return information mostly being private but giving the administration some discretion which President Nixon abused.

The changes to the disclosure laws brought about by President Nixon’s attempted abuse of the system improved the system greatly but occurred without thought to the explosion of ID theft that would occur several decades later. The interpretation of the disclosure laws to prohibit a taxpayer from obtaining documents that form the basis for proposed or actual assessments against them makes no sense except through the interpretation of a statute never designed to address this situation.  Working from a clean slate one can hardly imagine that we would design a system of information flow prohibiting a taxpayer in this situation from accessing the very documents that create the problem for the taxpayer.  Yet, here we are.

Proposed Solutions: Fixing Section 6103 and Changing the Rules on Burden

In 2012 I was chair of the ABA Tax Section Low Income Taxpayer Committee. The chairman of the Tax Section had the idea that Congress would soon reform the tax code and the Tax Section should get ahead of the process by having each committee create legislative proposals that would exist for Congress to use when it undertook the process of reform.  Great idea and one similar to Calvin Johnson’s Tax Shelf project started a few years earlier.  The only problem with these great ideas is that Congress and the Administration have not yet reached the point where they want to reach agreement on the long overdue reform process.  Anyway, my committee proposed a legislative fix to the ID Theft problem that would allow a taxpayer to access tax returns and return information submitted using the taxpayer’s identifying information.  If such a provision were added to Section 6103, it would provide a fix to the problem facing Ms. Stegman.  Some Congressional proposals on this issue also exist.

Other ways exist to fix this problem when it gets into the courts and the taxpayer seeks to contest the liability imposed as a result of a return filed by someone else. The situation has many similarities to that facing Mr. Portillo.  Congress reacted to the problem raised in Portillo by enacting section 6201(d) placing the burden on the IRS of proving the correctness of third party returns filed with the IRS providing information about the taxpayer.  The vast majority of these third party returns such as Form W-2 and Form 1099 contain correct information about the taxpayer listed and enable the IRS to easily monitor the correctness of returns filed by taxpayers but some of these third party forms contain incorrect information.

The IRS position concerning these returns leading up to Portillo and the enactment of section 6201(d) was to rely on the ordinary burden of proof rules. The IRS would get the third party information, question the taxpayer why the taxpayer did not report the third party information and when the taxpayer said they did not know anything about the third party information the IRS would say prove it – and, by the way, you have the burden of proof.  Taxpayers faced with the difficult if not impossible circumstance of proving a negative ran into a stonewall within the IRS but eventually persuaded courts, and Congress, that ordinary burden of proof rules designed to place the burden of proof on taxpayers who controlled the records should not apply when the taxpayer does not control the records.

That same type rule should apply here as well. In addition to changing the disclosure laws to allow the taxpayer to know the basis for the IRS assertion of additional liability, a taxpayer raising ID Theft as a defense to a liability in a credible way should shift the burden of going forward to the IRS.  If the burden shifts to the IRS, it will have to come forward with the information in its file in order to prove that the real taxpayer actually does owe the liability.

Stegman and the Crime Victim’s Rights Act

The Stegman case highlights problems that occur in ID Theft cases; however, she attacked the problem in an unconventional way – at least unconventional for a tax lawyer. She did not bring suit against the IRS seeking a release of information under Section 6103 but rather under the Crime Victim’s Rights Act.  Under that provision of the penal section of the United States Code she sought to obtain the return filed fraudulently using her identity.  The IRS and Department of Justice refused to provide the fraudulent return to her under that provision – at least at the point in time this case occurred – and the District Court agreed with the Government dismissing her case for failure to state a claim on which relief can be granted.

Ms. Stegman learned of the identity theft when contacted by an IRS special agent. She asked the special agent to see the 2012 and 2013 returns which allegedly contained a fraudulent use of her ID and made her the victim of a crime and he refused to provide them to her but told her to go to an IRS walk in office where she could get them (apparently he was not familiar with IRS procedures and its interpretation of 6103.)  She actually found a walk in office that was open, waited 40 minutes to see someone (not a bad wait time) and was told that she could not see these returns (queue the IRS position on 6103 which may be a correct interpretation of the current statute.)

Instead of letting the matter drop, she brought suit as a crime victim. The problem with this approach is that the statute requires that someone be charged with a crime.  At the point in time the special agent notified her of the ID theft and at the time she brought suit, no charges had been brought.  Without the existence of an accused person, Ms. Stegman could not successfully use Crime Victim’s Rights Act to pursue relief by obtaining information about the crime.  This aspect of the act reasonably protects persons from an “unbridled gallop to any and all information in the government’s files.”

Conclusion: What to Do If You Face the Problem

Given the current state of the disclosure law in the ID Theft area if you have a client who you suspect is the victim of ID Theft do not mention that fact to the IRS until you get the tax information in their account from the IRS. Once you get the information, then you can raise this defense but until the law changes, seek the information first and raise the defense later.  The National Taxpayer Advocate has written many times on the ID Theft issue.  The IRS has not necessarily addressed the problem in the best manner for taxpayer but is struggling itself to keep up with the amount of ID Theft in the face of staffing shortages.  While allowing taxpayers to see the material submitted by the thief will not fix all of the problems in this area, it will make it much easier for victims and the IRS to talk about the problem and work toward a resolution.  Using the inspirational literature of Heller and Kafka as well as the earlier legislative actions to fix the problems caused by President Nixon and facing Mr. Portillo, Congress should step up and enact an amendment to section 6103 allowing victims to get the information submitted with their tax identifying information.  This may be one of the easiest reforms to enact.